home

nswda47.tmp

City Center Games (Extreme White Limited)

The file nswda47.tmp by City Center Games (Extreme White Limited) has been detected as adware by 1 anti-malware scanner with very strong indications that the file is a potential threat. It is also typically executed from the user's temporary directory.
Publisher:
City Center Games (Extreme White Limited)  (signed and verified)

MD5:
af7d5c8f45576d5379d0d4964218b830

SHA-1:
04c695406eb9a28b6db6b4bdd837843b37655240

SHA-256:
897617cfa54b3b78fce96d6d70032204388bb28062077f2b45066d3339ecc75a

Scanner detections:
1 / 68

Status:
Adware

Note:
Our current pool of anti-malware engines have not currently detected this file, however based on our own detection heuristics we feel that this file is unwanted.

Analysis date:
11/23/2024 4:19:54 AM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
PUP.ExtremeWhite.installCore (M)
16.4.13.20

File size:
1.8 MB (1,918,040 bytes)

Common path:
C:\users\{user}\appdata\local\temp\nswda47.tmp

Digital Signature
Signed by:
City Center Games (Extreme White Limited)

Authority:
COMODO CA Limited

Valid from:
4/15/2015 10:00:00 AM

Valid to:
4/15/2016 9:59:59 AM

Subject:
CN=City Center Games (Extreme White Limited), O=City Center Games (Extreme White Limited), STREET=Tassou Papadopulu 6 (flat/office 22), L=Nicosia, S=Agios Dometios, PostalCode=2373, C=CY

Issuer:
CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
00808728FFBF020E8929813B59AA2EC529

File PE Metadata
Compilation timestamp:
5/14/2015 6:07:07 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
12.0

CTPH (ssdeep):
49152:6QAet18VahdG1s4YkcI/F2gOKBCSnTHpSh1IoLOpfMKgPnfQOuO39lzx:6YtzBkcI/pPQso6M5

Entry address:
0x12447E

Entry point:
1F, 1D, 1D, 1F, 1C, 1D, 1D, 1F, 1F, 1F, 1F, 1D, 1C, 1D, 1D, 1F, 1F, 1D, 1D, 1F, 1C, 1D, 1D, 1F, 1D, 1D, 1D, 1C, 1D, 1F, 1D, 1D, 1F, 1D, 1D, 1C, 1D, 1D, 1F, 1F, 1F, 1D, 1C, 1D, 1D, 1F, 1F, 1D, 1D, 1C, 1D, 1F, 1D, 1D, 1D, 1F, 1D, 1C, 1D, 1F, 1D, 1D, 1D, 1F, 1D, 1C, 1D, 1F, 1D, 1F, 1F, 1F, 1C, 1D, 1F, 1D, 1D, 1D, 1D, 1D, 1C, 1D, 1D, 1F, 1F, 1F, 1F, 1C, 1D, 1D, 1D, 1D, 1F, 1F, 1F, 1C, 1D, 1D, 1F, 1F, 1D, 1F, 1D, 1C, 1D, 1D, 1F, 1F, 1F, 1D, 1C, 1D, 1D, 1F, 1F, 1D, 1D, 1C, 1D, 1D, 1D, 1F, 1F, 1D, 1C, 1D, 1D, 1D...
 
[+]

Code size:
1.3 MB (1,374,208 bytes)

Remove nswda47.tmp - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.